A Short Guide To Ransomware

Uploaded on 2021-10-29 in TECHNOLOGY--Resilience, FREE TO VIEW

Ransomware is a type of malware is designed to deny access to computer systems or sensitive data until a ransom is paid. 

While ransomware has been around for decades, ransomware attacks are becoming more sophisticated, spreading through phishing emails, spear phishing, email attachments, vulnerability exploits, computer worms and several other attack vectors.

Many cyber attacks give attackers access to your computer to install ransomware including:

 

●      Social engineering and phishing: Ransomware spreads by tricking users into downloading an infected email attachment that masquerades as a file from a colleague or boss.

●      Malvertising: Malvertising uses an infected iFrame or invisible element to spread ransomware. The iFrame redirects to a page that executes malicious code or an exploit kit to perform a drive-by download without user knowledge.

●      Vulnerabilities: More aggressive forms of ransomware like WannaCry exploit vulnerabilities to infect computers without user action.

Once infected, ransomware may encrypt some or all files.

After the initial ransomware infection, a ransom note explains the files are inaccessible. The victim must send a ransom payment to buy the decryption key to decrypt their files. Traditionally, ransom payments were demanded via prepaid cash services, Western Union transfers, gift cards, or premium rate SMS services. Nowadays, cybercriminals demand their ransom to be paid in Bitcoin and other cryptocurrencies.

According to the National Security Institute, the average ransom fee requested has increased from $5,000 in 2018 to around $200,000 in 2020. Cybersecurity Ventures predicts that ransomware will cost $6 trillion annually.

It is worth noting that in many cases, victims don't report ransomware attacks to law enforcement, creating artificially low reported ransomware numbers. In recent years, estimates of the number of ransomware attacks has reached 204.24 million.

The threat assessment experts at Upguard have produced a detailed review of various different  types of ransomware from 1989 to the present and here are three signicant expamples: 

 AIDS Trojan

One of the first known examples of ransomware was the AIDS Trojan written by evolutionary biologist Dr. Joseph Popp. Popp sent infected floppy diskettes to hundreds of victims under the heading "AIDS Information Introductory Diskette".

The Trojan replaced the AUTOEXEC.BAT file, which would then be used to count the number of times the computer has booted. Once the boot count reached 90, the ransomware hid directories and encrypted the names of all files on the hard drive (rendering the system unusable).

The victim would then be asked to 'renew the license' and contact PC Cyborg Corporation for payment, which involved sending $189 to a P.O. box in Panama, even though the decryption key could be extracted from the code of the Trojan.

Joseph Popp was ultimately declared mentally unfit to stand trial but promised to donate the profits from the ransomware to fund AIDS research.

WannaCry

WannaCry, an encrypting ransomware computer worm, was initially released on 12 May 2017. The ransom demand ranged from $300 to $600 to be paid in the cryptocurrency Bitcoin. WannaCry ransomware is also known as WannaCrypt, WCry, Wana Decrypt0r 2.0, WannaCrypt0r 2.0 and Wanna Decryptor.

It targets computers running outdated versions of the Microsoft Windows operating systems by exploiting the EternalBlue vulnerability in the Server Message Block (SMB) protocol. This allowed the ransomware to spread without victim participation. A group known as The Shadow Brokers stole the EternalBlue exploit from the United States National Security Agency (NSA) a few months prior to the cyber attack.

The EternalBlue exploit was discovered, but not disclosed, by the NSA prior to the attack. The NSA has since been criticized for not disclosing the exploit to Microsoft or the public on CVE, which may have allowed it to be patched prior to WannaCry.

Despite quick patching and the discovery of a kill switch domain, WannaCry was able to spread to an estimated 200,000 computers across 150 countries, causing hundreds of millions to billions of dollars in damages. Much of WannaCry's success was due to poor patching cadence.

Security experts, the United States, United Kingdom, Canada, Japan, New Zealand and Australia have formally asserted North Korea was behind the attack.

Ryuk

Ryuk is a sophisticated ransomware run by WIZARD SPIDER, a cyber crime group, who targets large enterprises for high ransom payments.  Rather than exploiting vulnerabilities or using a spray and pray phishing method, Ryuk is spread through spear phishing emails and an Emotet geo-based download function.

Once infected, a ransom note named RyukReadMe.txt is displayed containing a static template except for a changing email address and Bitcoin wallet. The email addresses usually contain one email at protonmail.com and another at tutanota.com, typically esoteric actors, directors or Instagram models' names are used.

Based on observed transitions to known Ryuk BTC wallets, the ransom demand varies significantly depending on the size and value of the victim's organization. Ideed, The Russia-based group has made roughly $3.7 million off 52 known transactions.

Want more ransomware examples?

For a detailed list of ransomware examples please visit the Upguard  website

You Might Also Read:

GCHQ Boss Says Ransomware Attacks Have Doubled In A Year:

 

« CISA, FBI & NSA Issue Ransomware Warning Alert
Iranian Petrol Stations Suffer A Massive Attack »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Dark Reading

Dark Reading

Dark Reading is the most trusted online community for security professionals.

Gatewatcher

Gatewatcher

Gatewatcher is a digital breach detection platform targeting crafted attacks and protecting organizations against advanced cyber threats.

BGD E-GOV CIRT

BGD E-GOV CIRT

BGD e-GOV CIRT's mission is to support government efforts to develop ICT programs by establishing incident management capabilities within Bangladesh.

AuthenTrend

AuthenTrend

AuthenTrend provide biometric authentication products to achieve high security with extreme ease-of-use for the user.

TunnelBear

TunnelBear

TunnelBear is a Virtual Private Network services provider offering secure encrypted access to the internet.

Defendify

Defendify

We built Defendify to help small businesses navigate the cybersecurity landscape with cybersecurity that is dead simple, affordable, and works around the clock.

Cyber Talents

Cyber Talents

CyberTalents is on a mission to close the gap of cyber security professionals shortage across the globe.

Fastcomcorp

Fastcomcorp

Fastcomcorp offers a world-class proactive cyber security defense and risk management consulting. Including Darkweb monitoring and posture assessments.

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

Cybersecurity Center for Secure Evolvable Energy Delivery Systems (SEEDS)

SEEDS conducts research and develops innovative cybersecurity technologies, tools, and methodologies that advance the energy sector’s ability to survive cyber incidents.

HORNE

HORNE

HORNE is a professional services firm supporting clients in public, private & government sectors nationwide.

Pathway Communications

Pathway Communications

Established in 1995, Pathway Communications – is part of the Pathway Group of Companies, a Canadian IT Managed Services organization.

Recon InfoSec

Recon InfoSec

The Recon InfoSec team includes analysts, architects, engineers, intrusion specialists, penetration testers, and operations experts.

Sirti

Sirti

Sirti is Italy's leading technology company in the design and production of network infrastructures and telecoms system integration.

SafeLiShare

SafeLiShare

SafeLiShare’s data security platform unifies encryption strategies for organizations with hybrid and multi-cloud infrastructures, ensuring data is secure regardless of its location.

IDCARE

IDCARE

IDCARE is Australia and New Zealand’s national identity & cyber support service. Our service is the only one of its type in the world.

CertX

CertX

CertX is a Swiss functional safety, cybersecurity and artificial intelligence certification body.